Intro WG Dimension v1 0

Introduction to Introduction to WatchGuard Dimension™WatchGuard Dimension™

WatchGuard Training

Introduction to WatchGuard DimensionIntroduction to WatchGuard Dimension

What is WatchGuard Dimension?

Deploy WatchGuard Dimension

Configure WatchGuard Dimension

Use WatchGuard Dimension

Support WatchGuard Dimension

WatchGuard Training 22

What is WatchGuard Dimension?What is WatchGuard Dimension?


What is WatchGuard Dimension?What is WatchGuard Dimension?

Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers• New ways to visualize network data

• Dashboards with simple drill-down into detailed log and report information

• Customizable reports that can be emailed to different roles in the organization

• Complements Web UI visibility tools in XTM OS v11.8

• Reports available after first summary report period (5 minutes)

• All reports are ‘on demand’ all the time

Cloud-ready zero-installation deployment• Delivered as a virtual appliance for ESXi (.ova)

• Running on 64-bit Linux

• Driven by Postgres 9.2

• Web interface supports most desktop and mobile browsers


What is Dimension? — ArchitectureWhat is Dimension? — Architecture

Log Collector — Receives logs from devices, aggregates data Web Services — Serves web application to users and

administrators Log Server — Provides API for log data, provisioning, and

automated maintenance Database — Persistent storage for log and report data


Deploy WatchGuard DimensionDeploy WatchGuard Dimension


Deployment — Requirements Deployment — Requirements

WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.• Your ESXi host must support 64-bit guest operating systems

• WatchGuard Dimension has been primarily tested on VMWare ESXi hypervisors. It can also be installed in VMware Workstation, Player, Fusion environments, which is a great option for training and demonstration.

• WatchGuard is not currently available on any non-VMware hypervisors. WatchGuard Dimension is available on the Software Downloads

pages with the downloads for XTM devices.1.Log in to WatchGuard.com2.Browse to Articles & Software3.Filter by Software Downloads (excluding Articles and Known Issues)


DeploymentDeployment

After downloading the WatchGuard Dimension virtual appliance (.ova) connect to your ESXi host with vSphere.

From the File menu, select Deploy OVF Template.



Browse to the downloaded WatchGuard Dimension OVA and select that as your source.



Confirm the OVF Template Details and Accept the EULA.



Choose a name and disk format for this VM.



Map the virtual network adapter to the appropriate destination network.

Note:• WatchGuard Dimension’s network adapter defaults to DHCP.

• You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.



Confirm the deployment settings. Note the disk allocation defaults to 43GB.

• 3GB for OS drive (disk 1)

• 40GB for Data drive (disk 2)

Power on after deployment if youwant to keep the default settings.



Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.

Other defaults include:• 2GB of RAM

• 2 CPUs (2 sockets, 1 core each)



Notes:• The Dimension VM is deployed by default with a data disk size of 40GB.

• The data disk is fully reserved for the log database and the related overhead space required by Postgres.

• After the Dimension VM is deployed, the data disk size cannot be reduced.

• To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.



Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.

Use this this IP address tomake an HTTPS connectionto Dimension and start theDimension Setup Wizard.


Configure WatchGuard DimensionConfigure WatchGuard Dimension


Configuration — RequirementsConfiguration — Requirements

WatchGuard Dimension supports these web browsers:• Firefox v22 and later

• Internet Explorer 9 and later

• Safari 5 and later

• Safari on iOS 6 and later

• Chrome v29 and later You should be able to successfully use WatchGuard Dimension on

most mobile phone and tablet devices. Connect to Dimension in a web browser at https://<dimension-IP-

address>


Configuration — Setup WizardConfiguration — Setup Wizard

Accept the securitywarning to continue to connect to WatchGuard Dimension.



Log in with these credentials:• User Name: admin

• Password: readwrite



Make sure you have this information before you start the Setup Wizard:• Host name

• IPv4 address and settings for the eth0 interface

• Administrator passphrase

• Log Server Encryption Key



Specify the host namefor Dimension

Select the IP address method: • Static

• DHCP For a static IP address,

we recommend that you specify an IPv4 address.



Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.

The Administrator Passphrase must have a minimum of 8 characters.



Set the Log ServerEncryption Key.


Configuration — XTM DevicesConfiguration — XTM Devices

WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.

WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.• On an XTM device, use the IP address and Encryption Key from

WatchGuard Dimension when you configure the WatchGuard Log Server settings.

• On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.

In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.


Configuration — After the Wizard…Log InConfiguration — After the Wizard…Log In

Multiple “Super administrator users” can be logged in at the same time

Configuration pages have modes:• RO (Read-Only)

• RW (Read-Write)


Configuration — After the Wizard…Manage ServicesConfiguration — After the Wizard…Manage Services

The Manage Services drop-down list includes the menu options to configure settings for Dimension:• Schedule Reports

• Manage the Log Server

• Manage the Log Database

• Manage user accounts

• Configure System Settings


Configuration — System SettingsConfiguration — System Settings

Configure System and Network settings

Manage certificates System Maintenance

• Reboot

• Upgrade

• Restore Factory default!!!!

• Diagnostic Tools View Connected Users


Configuration — User ManagementConfiguration — User Management

Manage Users and Roles• Add, edit, or remove users

• Apply roles: RO – View-only RW – Read-write

Active Directory Settings• Enable Active Directory

Authentication

• Specify an Active Directory Server


Configuration - UsersConfiguration - Users

Add/Edit User:• Types:

Local Active Directory

• Specify password

• Select Roles

• Select Devices


Configuration — UsersConfiguration — Users

Role policy same as WSM• User + List of roles + List of Devices

User authentication similar to WSM:• Local user, AD user, AD Group

• AD requires DNS to resolve DCs by internal domain name Built-in roles only (no custom roles)

• Super Administrator Full access

• Report Administrator View logs View reports Manage scheduled reports and groups

• View Logs

• View Reports Applied to a list of devices


Configuration — Logging Server ManagementConfiguration — Logging Server Management

On the Status page:• View the status of

the Log Server

• Stop and start theLog Server



On the Configuration > General page, you configure these settings for the Log Server:• Change the Encryption Key

• Specify the log data deletion settings

• Back up and restore the Log Server database



On the Configuration > Notifications page, configure the settings for email:• Failure Events

• Device Events

• Message Purge Must be configured to send

scheduled reports



On the Configuration > Notifications page, configure the settings for reports:

Report Customizationsare templates to apply toreport PDFs:• Header

• Footer

• Logo Configure settings for

ConnectWise Integration



On the Diagnostics page, you can use these diagnostic tools:• Purge diagnostic logs

• Backup/Restore Log Serverdatabase

• View Process List

• View Log Server log messages

• View Log Collector log messagess


Configuration — Schedule ReportsConfiguration — Schedule Reports

Report Schedules• RO — View only

• RW — Add/Edit/Removescheduled reports

Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings



Schedule General settings• Name

• Descripton (optional)



Device Selection• Devices:

All Devices Specify Devices

• Servers: All Servers Specify Servers



Recipient Selection• Must add at least

one recipient



Report Selection• Report Types

• Timezone For report display

purposes only.Web-based reports appear in the browser/OS time zone.

• Customization

• Aggregation Single (per device) Combined (grouped

devices)

• Frequency


Configuration — New Summary ReportsConfiguration — New Summary Reports

Schedule two new Reports:• Executive Summary

• Web Traffic Summary Both new reports are available as scheduled reports that you can

send to specific email addresses. Both reports can use any Report Customization (report template)

that you create.


Configuration — Executive Summary ReportConfiguration — Executive Summary Report

Executive Summary report• Sent as a PDF file

• Specify a logo, header, and footer to customize the report


Configuration — Web Traffic Summary ReportConfiguration — Web Traffic Summary Report

Web Traffic Summary report• Sent as a PDF file

• Specify a logo, header, and footer to customize the report

• Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information


Use WatchGuard DimensionUse WatchGuard Dimension



To get the most out of Dimension, make sure to:• Select Enable logging for reports in proxy actions on your XTM

devices and WatchGuard Servers.

• Enable logging of Allowed Packets in all policies.

• Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.




Log Messages Reports Dashboards

Packet Filter Allowed Logs Web, Packet Filter, Top Client, Application Control Executive, Threat Map, FireWatch

Packet Filter Denied Logs

Web, Packet Filter, Denied Packet, Top Client, Application Control Security, Threat Map

Intrusion Prevention Logs IPS, Denied Packet Security, Threat Map

Log when configuration has changed Authentication, Audit

All Proxies: ‘Enable logging for reports’ GAV, IPS, SPAM, Application ControlExecutive, Security, Threat Map, FireWatch

HTTP Proxies: ‘Enable logging for reports’ Web, Firebox Statistics, REDExecutive, Security, Threat Map, FireWatch

FTP Proxies: ‘Enable logging for reports’ Firebox StatisticsExecutive, Security, Threat Map, FireWatch

SMTP Proxies: ‘Enable logging for reports’ SMTP, Firebox StatisticsExecutive, Security, Threat Map, FireWatch

POP3 Proxies: ‘Enable logging for reports’ POP3, Firebox StatisticsExecutive, Security, Threat Map, FireWatch

Any alarms GAV, Alarms

Executive DashboardExecutive Dashboard

Top 10• Clients

• Domains

• URL Categories

• Destinations

• Applications

• Application Categories

• Protocols Click a summary to

expand it and see more detail.


Security DashboardSecurity Dashboard

Top 10 Blocked• Clients

• Destinations

• URL Categories

• Applications

• Application Categories

• Protocols IPS Signatures Gateway Anti-Virus Click a summary to

expand it and see moredetail.


Threat MapThreat Map

Denied Packets(Blocked)

Intrusion PreventionService

Web Traffic Application Control All Traffic


FireWatchFireWatch

Sort by:• Source

• Destination

• Domains

• Application

• WebBlocker

• Protocol Pivot on:

• Bytes (Not available for packet filter traffic prior to XTM OS v11.8)

• Connections Hover for more detail:

• Filter further

• Show connections


Log ManagerLog Manager

Log messages stored in UTC time

Appears in your web browser’s local time


Log SearchLog Search

Run simple or complex search queries to refine the log messages that appear for the selected XTM device.

Filter the search resultsby log message type:• Traffic

• Alarm

• Event

• Diagnostic

• Statistic

• All


Other Available ReportsOther Available Reports

The same reports areavailable that werepreviously available on your WatchGuard Report Server

Select options to pivoton from the pivotdrop-down list

Export the report to a PDF file


Support WatchGuard DimensionSupport WatchGuard Dimension


Dimension Support — Console AccessDimension Support — Console Access

vSphere console shows command line access Login with wgsupport/readwrite (must change the password on

initial login)• Account restricted to only change the IP address

• To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin. For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type: /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1

• When given without any options, or with the option --help, the command displays help text.

Support Access for Diagnostics is available with a connection restricted by a client-side certificate.


Dimension Support — Known LimitationsDimension Support — Known Limitations

No external database Local Backup/Restore No host name resolution Cannot import log files to Dimension Certificates must use CSR

• No external private key


Thank You!Thank You!


Documents

Intro WG Dimension v1 0